Header graphic for print

HL Chronicle of Data Protection

Privacy & Information Security News & Trends

Posted on By HL Chronicle of Data Protection Posted in Consumer Privacy, International/EU Privacy, Social Media

IAPP Piece Explores Jurisdictional Implications of French Court’s Privacy/Hate Speech Dilemma

On June 12, a French Court of Appeals upheld a decision ordering Twitter to divulge the identities of the authors of anti-Semitic tweets, which are illegal under French law. The original injunction, which was issued by a French lower court judge in January, also ordered Twitter to install a mechanism that would enable users to inform Twitter of illegal content more easily. While Twitter instituted a new mechanism for reporting illegal content, it appealed the order to disclose its users’ identities, citing potential privacy implications.

In a detailed analysis of the court’s order for the IAPP Privacy Perspectives blog, Chris Wolf of Hogan Lovells’ Washington, DC office and Winston Maxwell of the Paris office describe how the order, issued directly by the French court to California-based Twitter, which does not have a French establishment, implicates jurisdictional issues and calls into question the use of anonymity as a privacy shield to post hate speech online.

Posted on By HL Chronicle of Data Protection Posted in Consumer Privacy, News & Events

Free Teleconference this Thursday — The Implications of the NSA Leaks for Privacy Professionals — To Be Moderated by Hogan Lovells Partner

Hogan Lovells Privacy and Information Management Director Chris Wolf will moderate a free IAPP teleconference this Thursday, June 20, at 4 PM EDT on “The Implications of the NSA Leaks for Privacy Professionals.” To register, click here.

Posted on By Michael Epshteyn Posted in Consumer Privacy, Financial Privacy

FTC Issues New Red Flags Rule Guidance

The Federal Trade Commission (“FTC”) recently issued a revised guidance (“Guide”) on the Red Flags Rule (“Rule”) (see “Fighting Identity Theft with the Red Flags Rule: A How-To Guide for Business”). The Red Flags Rule requires certain businesses to develop, implement and administer an identity theft protection program. The purpose of this Guide is to help businesses determine whether they are subject to the Rule as a “financial institution” or “creditor” that maintains “covered accounts.” For businesses that are covered by the Rule, the Guide includes tips on establishing an identity theft prevention program that meets the Rule’s requirements.

Continue Reading

Posted on By Lionel de Souza Posted in Consumer Privacy, International/EU Privacy

French Government Has Serious Reservations About the Draft EU Regulation, Putting its Adoption in Doubt

According to Fleur Pellerin, the French Minister for Digital Economy, the Minister of Justice has rejected the latest version of the draft EU Data Protection Regulation.  In Parliamentary questioning on 11 June, the Minister confirmed the French Government’s commitment to ensuring adequate protection of personal data, but stated that the French Government’s opposition is based on the current concept of “one stop shop” for data controllers established in more than one Member state of the European Union. This position follows the CNIL’s expression of concern because of the potential difficulties data subjects could face in submitting complaints to a foreign data protection authority.

Continue Reading

Posted on By HL Chronicle of Data Protection Posted in News & Events

Hogan Lovells U.S. Privacy and Information Management Practice Ranked as a Top-Tier Practice by Chambers USA and Legal 500 US

Chambers Legal 2013Chambers USA and Legal 500 US recently released their 2013 rankings, and  Hogan Lovells’ Privacy and Information Management practice was placed in Band 1 by Chambers USA and in Tier 1 by Legal 500 US. Also, both of our practice leaders, Marcy Wilder and Christopher Wolf, were selected for Chambers’ top rankings among privacy law practitioners  and were dubbed “Leading Lawyers” by Legal 500.

Chambers noted our practice for “outstanding client service and scope of knowledge,” and spotlighted our leading healthcare-focused work. Legal 500 sources said that they “value [our practice] for providing ‘pragmatic, business-relevant advice with minimal legalese.’” Continue Reading

Posted on By Mac Macmillan Posted in International/EU Privacy

UK ICO Publicizes Concerns on Draft Data Protection Regulation

Glass GlobeConcerned that the prescriptive nature of the proposed EU Data Protection Regulation will impose a significant additional administrative burden on regulators, the UK Information Commissioner’s Office (ICO) has published on its website a letter to the Secretary of State for Justice which re-states the Information Commissioner’s concerns about the proposed Regulation.

The key source of the Commissioner’s concerns is that the prescriptive nature of the Regulation will impose a significant additional administrative burden on regulators.  Coupled with the abolition of notification fees, the ICO’s current source of funding, the Commissioner suggests the ICO would no longer be able to intervene on the basis of risk and proportionality, and that this would make it less effective.

Aspects of the Regulation which the Commissioner identifies as being of particular concern are: Continue Reading

Posted on By Pablo Rivas Posted in Consumer Privacy, International/EU Privacy

Spanish Data Protection Agency Releases Guidance on Cookies Regulation

On April 26th, the Spanish Data Protection Agency (“SDPA”) issued its long-awaited guidance on the Spanish cookies regulation, which requires companies seeking to place cookies on users’ devices to obtain those users’ prior opt-in consent after providing them with clear and complete information about the use of cookies and the purposes for which data collected via cookies will be processed.  The guidance, which the SDPA drafted in collaboration with industry, takes a business-oriented approach and provides companies with several alternatives for complying with the regulation’s notice and consent requirements. 

Continue Reading

Posted on By Mark Taylor Posted in Cybersecurity & Data Breaches, International/EU Privacy

UK Publishes Call for Evidence on Proposed EU Cybersecurity Directive

BrowserIn February 2013, the European Union published the EU Cyber Security Strategy and accompanying proposed Directive (which we previously covered here). Now, in anticipation of the implementation of the Directive, the UK’s Department for Business, Innovation and Skills (BIS) has published a call for evidence to look at the impact of the Directive upon businesses in the UK. Continue Reading

Posted on By HL Chronicle of Data Protection Posted in News & Events

Personal Data Use Analysis a Focus of Expert Discussion

A meeting in London to discuss the contours of a use-based model as an approach to data protection is occurring today.  Approximately thirty regulators, industry officials, advocates, and academics are participating, including Hogan Lovells partner Chris Wolf.  The meeting is being hosted by the Privacy Projects and is being moderated by Viktor Mayer-Schönberger, Professor of Internet Governance and Regulation at the University of Oxford, and Fred Cate from the Center for Applied Cybersecurity Research at Indiana University.

The discussion is centering on how, in addition to the current focus on notice, choice, and purpose specification at time of data collection, use analysis can be used a tool of data protection.  There is a focus on the “harms” or “impacts” of information to help guide determinations about uses and use conditions in context.  The participants seem to agree a use analysis can serve as means effectively to implement the Fair Information Practice Principles (FIPPs), helping to determine when and how notice, consent, access, etc. can be implemented.  Focusing on use in a sense shifts the analysis away from relying predominantly on the protections at the time of collection of data, which makes sense in a world where there are multiple channels of collection of data about people, as well as potential beneficial (and non-risky) uses of data for “Big Data” analytical purposes.

Documents relevant to the discussion include the English translation of the CNIL’s 2012 report, Methodology for Privacy Risk Management, and the World Economic Forum’s 2013 report, Unlocking the Value of Personal Data: From Collection to Usage.

Posted on By HL Chronicle of Data Protection Posted in International/EU Privacy, News & Events

Hogan Lovells White Paper Examines National Security Access to Personal Data in the Cloud Around the World

Hogan Lovells has published a White Paper demonstrating that the limitations applied to U.S. law enforcement access to data stored in the Cloud during national security and foreign intelligence investigation in many cases surpass restrictions applied during similar investigations in other countries.  A Sober Look at National Security Access to Data in the Cloud was written by Christopher Wolf, co-director of Hogan Lovells’ Privacy and Information Management Practice based out of Washington, D.C., and Winston Maxwell, a partner in Hogan Lovells’ Paris office specializing in media, communications, and data protection.  The White Paper was released and discussed by Messrs. Maxwell and Wolf at a program of the OpenForum Academy in Brussels.

Continue Reading